Premium FeatureCentral Authentication Service (CAS)
— Available in the Professional, Professional Plus, and Enterprise Editions. Learn more
or contact LabKey
is an open-source authentication server that lets a user sign on to multiple applications while providing their credentials only once to a centralized CAS Server. Enabling CAS authentication lets LabKey Server authenticate users using a CAS server, without users providing their credentials directly to LabKey Server. CAS integration currently supports CAS Protocol 3.0
and requires an email attribute returned in the validation response XML.
You can also configure LabKey Server as a CAS Identity Provider, to which other servers can delegate authentication. For details see Configure CAS Identity Provider
Note that basic HTTP authentication
and netrc authentication using usernames
are both disabled when SSO authentication is enabled. API keys
are required for using the LabKey APIs when SSO is enabled.
Add/Configure a CAS Single Sign On Provider
- Select (Admin) > Site > Admin Console.
- Click the Settings tab.
- Under Configuration, click Authentication.
- To add a new CAS provider: Click Add > CAS ....
- To edit an existing provider: Click Edit next to the target provider.
- On the Configure CAS Authentication page, enter the following:
- Description: Enter a unique descriptive label for this provider.
- CAS Server URL: Enter a CAS server URL. The URL should start with "https://" and end with "/cas"
- Default to CAS Login: Place a checkmark to make CAS the default login method.
- Enabled: Turn on/off this provider. Displayed on the main Authentication dashboard.
- Page header logo / Login page logo: Logo branding for the login UI. See screen shots below.
- Click Save.
Single Sign On Logo
The logos, which can be displayed on either the header area or on the login page, signals to users that single sign on is available. When the logo is clicked, LabKey Server will attempt to authenticate the user against the CAS server.